Opened 2 months ago

Closed 2 months ago

#31587 closed defect (duplicate)

Conflicting metadata which could lead to fingerprinting

Reported by: bigsteve1337 Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Tor Browser Version: 60.8.0esr
OS: MacOS Mojave

When I go to http://whatsmyos.com/ it tells me I am using Windows 7, which is good.

However, if I go to https://brave.com it figures out that I am on MacOS and automatically defaults to the MacOS download.

This is conflicting metadata and is prone to fingerprinting (which is exactly what the fake Windows 7 info was trying to avoid).

After checking on panopticlick, I realized the conflict comes from:

User Agent: Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0

Platform: MacIntel

Perhaps it's as easy as making the 'Platform' HTTP header just match the Windows user agent?

Child Tickets

Change History (2)

comment:1 Changed 2 months ago by Thorin

This is because HTTP headers and JS navigator objects can return different results: by design: see #28290. Headers are always Windows (why give away free entropy), but (for now) JS will return one of four OSes due to breakage.

Since all Mac users, or all Linux users, etc are in the same boat: there's no extra FPing here. Detecting your OS via other means is trivial anyway.

Close as dupe of #28290 ?

Edit: extra reading homework: https://trac.torproject.org/projects/tor/ticket/28290#comment:7

Last edited 2 months ago by Thorin (previous) (diff)

comment:2 Changed 2 months ago by boklm

Resolution: duplicate
Status: newclosed

Closing as duplicate of #28290.

Note: See TracTickets for help on using tickets.